Ch6 - Mitigating Security Threats Flashcards

1
Q

Operating System Hardening

A
  1. Disabling unnecessary services
  2. Removing unnecessary accounts
  3. Removing unnecessary components
  4. Uninstalling unnecessary software
  5. Patching the system (security hot-fix, patch, service pack)
  6. Password Protection
2
Q

Security hot-fix

A

A security hot-fix, also known as a critical update, is a security update that should be applied to your system as quickly as possible because the vulnerability opens the system to serious security risks.

3
Q

Patch

A

A patch, also known as an update, is a fix to a particular problem in software or operating system code that is not required to be applied immediately because the security risk is not as severe as that addressed by a hot-fix.

4
Q

Service pack

A

A service pack is all updates for a product, including patches and security hot-fixes, from the time the product was released up to the time of the service pack. If you install a service pack, you will not need to install each patch individually, because the service pack includes all updates up to that point. You will need to install patches and security fixes that come out after the service pack.

5
Q

Tools for System Hardening

A
  1. Group Policies
    Group policies can be configured on the local system (the system the administrator is configuring) or can be centrally configured in the Active Directory domain, which means the settings will apply to a number of systems and users every 90 minutes, or on next user logon, or on system restart.
  2. Security Templates
    Security templates are text files that you create that have policy settings in them. The benefit of a security template is that once you configure the template, it can then be imported into the group policies of a local system or into Active Directory.
  3. Patch Management
  4. Configuring a Security Baseline
6
Q

Configuring a Security Baseline

A

A security baseline is a standard configuration that has been approved by the company for a specific type of system or device as being secure. This standard configuration is required for all systems in order to meet the desired security requirements of the company.

Any changes to a system after the system has the security baseline implemented must follow the change management process defined by the company. It is important that if you make a change to a system that had the security baseline applied, you evaluate the system after the change to ensure that the change has not affected the security state of the system.

7
Q

Security Posture

A
  1. Initial Baseline Configuration
  2. Continuous Security Monitoring
  3. Remediation
    Remediation is the process of correcting a fault in the system.
8
Q

Methods of Reporting

A
  1. Alarms
  2. Alerts
  3. Trends
9
Q

Alarms

A

An alarm is used to report critical events that typically require some form of action from the system or network administrator. For example, an alarm may be used to notify an administrator of suspicious traffic on the network. In this case, the alarm is used to attract the attention of the network administrator so that they can investigate the issue.

10
Q

Alerts

A

An alert is a less critical type of notification used to notify the system or network administrator that a specific event has occurred, but no action may be required by the administrator. Typically, an alert is used to notify the administrator of a change that has occurred, such as a system coming online or a printer being purged.

11
Q

Trends

A

A trend is a type of reporting method used to identify security issues such as someone performing a port scan on the network. Trend analysis typically involves looking at log files or packet captures and analyzing the information to identify a trend that may help the administrator understand what is happening on the network.

For example, if the network administrator is looking at a packet capture and sees that the same source IP address is connecting to multiple ports within a very short time, then most likely a port scan is occurring.

12
Q

Software Development Life Cycle (SDLC)

A

The Software Development Life Cycle (SDLC) outlines the major phases of developing an application. There are six phases in the software development life cycle:

Requirements gathering and analysis: The first phase involves collecting the requirements for the application.

Design: After the requirements are collected, you then work on designing the application based on the requirements.

Implementation (coding): The implementation phase is also known as the coding phase. During this phase, you write the code for the application.

Testing: After the coding phase, you then must test the code to verify the code does what it is supposed to.

Deployment: After testing, you are ready to install (deploy) the application to the system or systems that need to have the application.

Maintenance: During maintenance, you typically receive feedback from the persons using the application. You will need to fix any problems that arise with the application in this phase.

13
Q

SDLC Models - Waterfall & Agile

A

Waterfall
With the waterfall model, you progress through each phase of the SDLC without the capability of going backward in phases at any time. The point is that you must be sure to complete each phase to its fullest so that there is no need to go back (that was viewed as costly when this model was created).

Agile
With the agile model, you can take a more iterative approach and go to a previous phase if you realize something was missed or needs to be reworked.

For example, you could do some requirements gathering, do some design, and then implement a prototype for the customer to review. Then, based on feedback from the customer, you may have to revisit the first few phases to complete requirements gathering and the design of the application. During testing, you may find that you need to change the design or change the code. The agile model views the capability to go back to a phase as critical to application development.

14
Q

Secure DevOps

A

Secure DevOps is the principle of training developers to consider security from the beginning of the SDLC. Instead of viewing security as an afterthought, or something that you apply to the code after the fact, the code is implemented with security in mind from the beginning.

15
Q

Principles of Secure DevOps

A
  1. Security automation
  2. Continuous integration
  3. Baselining
  4. Immutable systems
  5. Infrastructure as code
16
Q

Immutable Systems

A

Immutable systems is the practice of making no changes to systems once they are in place. This includes configuration changes to the system and security updates. Making changes to the system could affect the application environment and cause the application to function differently. If a change to a system is required, you would deploy a new system (not make changes to the existing system) with all required changes and test your application on that new system before redeployment.

17
Q

Infrastructure as code

A

As part of the Secure DevOps principles, you can have your code create the infrastructure for the application to run on. For example, you could have code that creates a virtual machine to host the web application. One of the major benefits of having your code create the infrastructure is that you know the configuration of the system is consistent with the design of the application.

18
Q

Provisioning

A

Provisioning is the setting up of a new system.

The goal of provisioning is to ensure the system is compliant, thereby reducing vulnerabilities to attacks. As part of the provisioning process, you will grant users access to the application.

19
Q

Deprovisioning

A

Deprovisioning a system is the process you take to remove the system from the application environment.

When deprovisioning an application or system, you first alter the access control to ensure users do not have access to the system or application. An important point to remember with deprovisioning is that when an employee is terminated or leaves the company you will need to follow procedures to deprovision their access to the system.

20
Q

Secure Coding Techniques

A
  1. Proper Error Handling
  2. Proper Input Validation
  3. Stored Procedures
  4. Code Signing
  5. Encryption
21
Q

Code Signing

A

Code signing is a technique developers can use to digitally sign their code so that companies know where the code came from and they can trust that the code will do no harm to the system. Code signing also adds integrity to the code because a hash of the code is generated, meaning the code is run through an algorithm and an answer is generated. The answer is stored with the code. This gives you a way to verify that the code has not been altered when you check the code against the hash (answer) later on.

In order to digitally sign code, like a .DLL, .EXE file, or even a script such as a PowerShell script, you need a code signing certificate. This certificate is an electronic file that contains keys used to digitally sign other files. You will learn more about certificates and PKI in Chapters 12 and 13.

22
Q

Other Secure Coding Techniques

A
  1. Normalization
  2. Obfuscation/camouflage
  3. Code reuse/dead code
  4. Server-side vs. client-side execution and validation
  5. Memory management
  6. Limit use of third-party libraries and SDKs
  7. Data exposure
23
Q

Code Quality and Testing

A
  1. Static code analyzers
  2. Dynamic analysis (e.g., fuzzing)
  3. Stress testing
  4. Sandboxing
  5. Model verification
24
Q

Methods of Mitigation

A
  1. Network segmentation
  2. Security layers (Defense in Depth)
  3. Application firewalls
  4. Manual updates (with Patch Management)
  5. Firmware version control
  6. Wrappers
  7. Control redundancy and diversity
    Control redundancy and diversity is the security principle of ensuring that you diversify the products used to create your layers of security, so that no single product's failure or flaw defeats every layer.
25
Q

Industry-Standard Frameworks and Reference Architectures

A
  1. NIST Cybersecurity Framework
  2. NIST SP 800-171
  3. CIS Critical Security Controls
  4. ISO/IEC 27001 and 27002
26
Q

Framework Categorization

A
  1. Regulatory
    A regulatory framework is a set of best practices that your organization needs to follow to maintain compliance.
  2. Nonregulatory
    Nonregulatory frameworks are designed to give recommendations on security best practices.
  3. National vs. international
    There are a number of national and international frameworks that are designed to give recommendations and best practices on information security.
  4. Industry-specific frameworks